Author Archives: Matt Kinley

FORMERLY ILLICIT BUSINESSES COME INTO MAINSTREAM

Law Firm publishes “The Week in Weed”

State ballot measures and state legislatures have slowly but steadily legalized the use of marijuana.   The specifics of the law have specific ramifications for people and businesses even if they never roll a joint.

As one example, Federal law still prohibits the use and sale and marketing of marijuana.  Professionals advising employers, banks, and health care providers have unique issues in determining reactions to events.  For example, should a bank do business with an organization marketing and selling marijuana?  Can an accountant provide an appropriate audit?  Can a lawyer help create a corporation for a weed based business?

Can a physician work for one?  Most medical marijuana clinics fail to utilize doctor ownership, thus potentially violating the corporate practice of medicine doctrine in California.

The Week in Weed provides an on-going discussion of the ethical and legal issues of a weed business.  In a recent report that independent investment is slow to embrace the business but:

“Overall funding to cannabis-centered startups has ballooned in the past two years, up over 90% since 2014 despite a slight decrease in 2016′s investment levels.

While private investment to the industry remains siloed among a select group of cannabis-focused investors, institutional investors such as Founders Fund, Y Combinator, and 500 Startups are slowly taking notice.”

Keeping up to date in marijuana laws will be a state by state job.   The rules will be complex because of the intersection of state and federal law.

By Matt Kinley, Esq.  See his profile at KinleyLawPractice.com

 

HIRING THE HEALTH CARE LAWYER

MAKE SURE YOUR NOT GETTING RIPPED-OFF BY THE BIG LAW FIRM

The Problem

All businesses need to be careful with hiring and paying attorneys. American Express at Open Forum reports on the different ways that law firms take advantage of clients. Some examples: Including charges for corporate, estate planning and real estate forms that they have used multiple times and billed to multiple clients.  Being shuffled off to less experienced attorneys and paying for the “supervision” by the senior attorney; and, refusing to negotiate the billable hour and replacing it with things like flat fees or other creative billing.

According to AMEX: “All attorneys should be open to negotiating their hourly rate, especially if you have a big project or will pay a cash retainer up front,” said Street. “Better yet, ask them to quote you a flat rate for your project. Most attorneys are still learning how to think about flat- or project-rate billing, so they may need your help in setting the fee, but you will then have complete control over the cost of your representation.”

Avoiding Excessive Legal Fees

All businesses, especially healthcare businesses, avoid the problems of hiring lawyers by creating a continuing relationship with a lawyer. Businesses of a certain level have the ability to hire in-house counsel, an important position in any organization. The General Counsel of a firm can protect it from many legal threats and can help the organization find appropriate legal support.

Smaller businesses can’t afford to hire General Counsel. Given the more and more complicated legal framework, owners of businesses must find appropriate avenues to obtain advice to avoid the harsh penalties of a legal mistake.

Healthcare Law and the General Counsel

Healthcare firms must make sure that they get accurate and specialized lawyering to support their business. One step is to follow the guidelines of AMEX when hiring a lawyer and make sure they are getting the right advice and paying the appropriate amount for the advice.  Negotiating and setting a set plan for the advice needed is the best alternative to the billable hour.

Healthcare Compliance

Healthcare firms face a wide range of regulatory compliance matters impacting the healthcare industry.

Kinley Law Practice works with businesses to create and implement safeguards to ensure that clients are in compliance with all applicable federal and state regulations. These safeguards not only minimize exposure to administrative fines, costly lawsuits and settlements, they also ensure maximum profits and efficiency.

KLP’s compliance capabilities include:

• Anti-kickback laws
• Stark Law matters
• Ethics and Patient Referral Act
• Emergency Medical Treatment and Active Labor Act (EMTALA)
• Health Insurance Portability and Accountability Act (HIPAA)
• Health Information Technology for Economic and Clinical Health Act (HITECH)
• Loss of licensure issues
• Corporate Integrity Agreement negotiations with Health and Human Services
• Office of the Inspector General
• Clinical Research Regulations
• Informed Consent matters
• Medical staff and peer review matters
Outside General Counsel Services

KLP’s general counsel services are a unique way for healthcare clients to obtain the expertise and accessibility of an in-house legal team without having to endure the burden of employing and managing a team of attorneys. Our clients typically engage us on a set monthly retainer based on business size, volume of work involved and other business specific factors. We provide a complete turnkey solution for all legal needs, or we can work with existing in-house counsel to provide specialized guidance with a particular challenge, such as with post-acquisition employment compliance integration or the development and maintenance of a licensure platform.

As “outside general counsel” we provide the following services personalized to the specific needs of our clients:

Compliance and Risk Assessment. We personally visit our clients’ business site and conduct a top to bottom review of processes to assess risk and establish relationships with staff. We will know each key employee by name and each of those individuals has access to our expertise at their fingertips.

Contract Review and Negotiation. We draft, revise and update all form contracts and negotiate and document the multitude of contracts our clients need to function. We provide a complete solution from equipment purchase deals to commercial leases and everything in between.

Employment Issues. We help develop sound recruiting, hiring, discipline, termination policies to help our clients minimize administrative claims and litigation risks.

Litigation Management. We manage all aspects of litigation by outside counsel or handle litigation needs ourselves. If hiring other outside counsel is in the best interest of our clients, we will work with outside counsel to keep track of budgets and strategies. We monitor important filings, deposition transcripts and coordinate trial and alternative dispute resolution tactics.

Onsite Office Visits and Management Meetings. We partner with our clients to on site at regular intervals to enable us to work face-to-face with key management personnel in identifying and implementing specific strategies for improving efficiency in a legally sound manner. We regularly participate in key management meetings and provide input as needed.

Transactions and Real Estate Needs. We advise our clients in all aspects of transactions such as the purchase of physician practice, to structuring the ownership of medical office buildings occupied by physician owners. We also negotiate space leases between hospitals and physicians as well as consult in the construction, financing and equipping of continuing care retirement communities, nursing homes, and assisted living facilities.

Matt Kinley, Esq. Healthcare Lawyer at Kinley Law Practice.

 

California Health Record Privacy

 

In California, the Confidentiality of Medical Information Act (“CMIA”) creates rights for patients in their own personal records. While most attention is given to federal law, especially HIPAA and HI-Tech, when trying to understand what to do medical records.

California has created a strong statutory scheme to protect patients’ rights. Codified at Civil Code section 56.10, the Act provides that “No provider of health care provider, service plan or contractor shall disclose medical information regarding a patient of the provider of healthcare or an enrollee or subscriber of a health care service plan without first obtain an authorization” from the patient. The statute then goes on to proscribe in detail the requirements for authorization.

Violation the CMIA will result in fines and a civil cause of action against the party who provided the private healthcare information.

CMIA does have several exceptions. Some the exceptions require the healthcare provider to disclose information, for example under court order or for police or coroner investigations. Other exceptions allow, but do not required, the physician to disclose medical records to other health care providers and healthcare insurance companies. Healthcare providers may also provide information that has been scrubbed of identifiable information to public health studies and other companies who will allow the medical profession to better understand healthcare service.

By Matt Kinley, Esq.

KINLEY TO SPEAK ON “WHO OWNS PATIENT DATA”

R-HEALTH BY THE HEALTH MANAGEMENT INTEREST GROUP SEEKS TO EDUCATE ON THE DANGERS AND OPPORTUNITIES IN PATIENT DATA

University of California, Riverside. HIPAA and the Hi-Tech regulations impose burdens on healthcare providers on how private health information can be utilized.  Given the potential penalties for missteps, this is an important topic for the healthcare industry to grasp.  Tickets are still available!

As a recent Office of Civl Rights Report recently pointed out, 2016 was a record year for enforcement: “OCR has been on a tear, settling 11 cases in 2016 with resolution agreements and corrective action plans. The agency also won a decision by an administrative law judge in an enforcement action contested by a home healthcare and medical equipment supplier (see OCR Slaps Home Health Provider with Penalty.”

Private Health Information must be maintained and utilized in ways that protect the information from exposure.

Matt Kinley is a health care attorney and founder of Kinley Law Practice in California. You can contact him at matt@kinleylawpractice.com.

 

WHAT ABOUT A MANAGEMENT SERVICES ORGANIZATION?

AVOIDING THE PROHIBITION AGAINST NON-PHYSICIAN OWNERSHIP OF MEDICAL ORGANIZATIONS

A management services organization (“MSO”) is an entity which would contract with a physician or a medical corporation owned and operated by physicians. The MSO could be owned by non-physicians.  The physician or medical corporation can pay the MSO for everything. Employees would work for the MSO; the MSO would pay for the lease.  The MSO would pay for all significant expenses and receive a fee for its services.

The Corporate Practice Medicine Doctrine (CPOM) is strong in California. Under this doctrine, physicians must control clinical decisions. The concern is that if business entities owned by non-physicians are permitted to control the rendering of care, they will subordinate clinical care to commercial considerations and profits. The objective, therefore, is to prevent non-physicians and non-physician-owned business entities from influencing treatment decisions.

This presents a significant constraint to physician business ventures. Specifically, if physicians or other clinical personnel work for entities other than professional medical corporations, they may be exposed to disciplinary risks, as well as to forfeiture of revenues.. For non-physician business partners, violating the CPOM may also bring both civil and, in extreme cases, potential criminal liability for engaging in medical practice without a license.

MSO

In California, the solution for avoiding violations of the CPOM in business ventures in which physicians work with businesses owned by unlicensed persons is a contractual relationship between the physician entity and the unlicensed business entity, or a “management services organization (MSO).” This is a business vehicle that permits unlicensed persons to provide services to physicians and their professional medical corporations. In its simplest form, an MSO provides basic practice support services to physicians and professional medical corporations via a contractual relationship, commonly known as a management services agreement. These services frequently include activities such as billing and collection, administrative support in certain areas, and electronic data interchange (e.g. electronic billing). Some MSO’s provide a broader set of services: the MSO may purchase many of the assets in a medical practice, such as office space or equipment. MSO’s can employ office support staff, and assist with a wide range of non-clinical functions. MSO’s can also assist in functions such as marketing. Often, MSO’s can reduce costs by bringing economies of scale and professional management experience into physician practices, thereby improving operational efficiency and reducing overhead costs.

the MSO must be carefully considered and constructed.  Review and application of relevant laws and regulations is a must.

By Matt Kinley, Esq. of the Kinley Law Practice

Kinley Law Practice starts January, 2017

QUALITY HEALTH LAW ADVICE

The California Healthcare Law Blog was created several years ago to keep the healthcare industry abreast of new developments in health law.  It’s been an amazing journey!  It’s culminated in a new law firm, Kinley Law Practice, committed to supporting health care entities with quality advice.  Give me a call at 562.715.5557 or email me at matt@kinleylawpractice.com with comments or questions.

 

klp_newyearannouncement

ANNOUNCEMENT for California Healthcare Law!

Wishing you all Happy Holidays and a great 2017!!15591617_10209664176813896_850258008651978225_o

How to Utilize an Attorney for HIPAA Breach Analysis

Attorney’s Role in Breach Analysis

An attorney’s role in any potential breach is to lead an assessment of the breach and to help clients determine whether to disclose a breach by applying the law to the factual investigation. Such an assessment is required for covered entities when a breach is suspected under Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules, and under the HITECH Act and the Genetic Information Nondiscrimination Act (GINA) and the corresponding regulations. As the company and experts review the potential breaches, the attorney should apply the  law implicated by the facts.  The appropriate law may not only be the federal law, but state law, as well.  For example,   the very stringent California Privacy Law which applies to breaches in California.

IF it is determined that there is a reportable breach, the attorney assists with the proper methods to make notification.

Any attorney chosen for this task should have experience and education in healthcare law.  Some examples include a healthcare LLM, such as the one offered by Loyola Chicago’s Beazley Institute for Health Law and Policy. and designations in compliance, such as someone certified in Healthcare Compliance (CHC).

My background includes retention by several clients to help with such an assessment, a Masters of Law (LLM) in Healthcare Law from Chicago Loyola Law School and I am Certified in Healthcare Compliance (CHC). I help healthcare institutions comply with HIPAA and other federal and state regulations.

Definition of Breach

A breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information. An impermissible use or disclosure of protected health information is presumed to be a breach unless the covered entity demonstrates that there is a low probability that the protected health information has been compromised based on a risk assessment.

The risk assessment requires the following investigation:

1. The nature and extent of the protected health information involved, including the types of identifiers and the likelihood of re-identification;
2. The unauthorized person who used the protected health information or to whom the disclosure was made;
3. Whether the protected health information was actually acquired or viewed; and,
4. The extent to which the risk to the protected health information has been mitigated.

The team must also complete an analysis on three potential exceptions to the definition of “breach.” The first exception applies to the unintentional acquisition, access, or use of protected health information by a workforce member or person acting under the authority of a covered entity or business associate, if such acquisition, access, or use was made in good faith and within the scope of authority. The second exception applies to the inadvertent disclosure of protected health information by a person authorized to access protected health information at a covered entity or business associate to another person authorized to access protected health information at the covered entity or business associate, or organized health care arrangement in which the covered entity participates. In both cases, the information cannot be further used or disclosed in a manner not permitted by the Privacy Rule. The final exception applies if the covered entity or business associate has a good faith belief that the unauthorized person to whom the impermissible disclosure was made, would not have been able to retain the information.

Unsecured Protected Health Information and Guidance

Covered entities must only provide the required notifications if the breach involved unsecured protected health information. Unsecured protected health information is protected health information that has not been rendered unusable, unreadable, or indecipherable to unauthorized persons through the use of specific technology or methodology.

By Matt Kinley,Esq.,  LLM, CHC

562.715.5557

 

IS YOUR HEALTHCARE COMPLIANCE PROGRAM COMPLIANT?

HEALTHCARE COMPLIANCE

10 RED FLAGS

Under current law, physicians are required to maintain an effective, comprehensive compliance program to detect, correct and prevent incidences of non-compliance with state and federal regulatory law.  Goals of a comprehensive compliance program is to prevent the significant criminal and civil penalties that might come with a violation of the False Claims Act, Stark, the Anti-Kickback Statutes, HIPAA and state law equivalents. Failure to comply might lead to exclusion from health payments. Here is a summary of the core components of a complete compliance plan:

#1  MISSING OR INCOMPLETE WRITTTEN POLICIES, PROCEDURES AND STANDARDS OF CONDUCT

#2  PEOPLE:   NO COMPLIANCE OFFICER OR COMPLIANCE COMMITTEE

#3  TRAINING:  THE FACILITY LACKS EFFECTIVE TRAINING AND EDUCATION

#4.  COMMUNICATION:  THE FACILITY LACKS

#5.  PERSONEL:  FAILURE TO PUBLISH DISCIPLINARY STANDARDS & TO EFFECTIVELY DISCIPLINE VIOLATORS

#6.  NO SYSTEM TO AUDIT AND MONITOR ORGANIZATION COMPLIANCE AND COMPLIANCE RISKS

 #7  FAILURE TO CREATE PROCEDURES TO PROMPTLY RESPOND TO IDENTIFIED ISSUES AND SELF DISCLOSURE OBLIGATIONS

#8.  LACK OF SUPPORT FROM PHYSICIANS AND LEADERSHIP OF THE ORGANIZATION

#9.  FAILURE TO INSTITUTE PRIVATE HEALTH INFORMATION POLICIES

#10. FAILURE TO MONITOR NEW LAW AND UPDATE COMPLIANCE ACCORDINGLY

By Matt Kinley,Esq., LLM, CHC

562.715.5557

             

 

                

 

 

 

Sterilize Your Potential Liability

Is your business compliant with OSHA’s Bloodborne Pathogens Standard?

If you operate a business with employees that are exposed to blood or other potentially infectious materials (OPIM), your business is subject to OSHA’s Bloodborne Pathogens Standard (BPS) under the Code of Federal Regulations. In spite of its attempt to simplify these requirements on its online fact sheet, OSHA imposes a minefield of regulations for small to midsize businesses to navigate. This post provides a brief overview of the Bloodborne Pathogens Standard and what it means to your business.

Have an Updated Plan

All good businesses have a plan right? Well, OSHA adds to your plans by requiring an “exposure control plan.” 29 C.F.R. 1910.1030 (c)(1). Under this plan, employers must create a catalogue that classifies the employee positions in the company by the level of blood and OPIM exposure. 29 C.F.R. 1910.1030 (c)(2)(i)(A). Also, this plan must detail the tasks and procedures performed by each classification of employee that causes their exposure. 29 C.F.R. 1910.1030 (c)(2)(i)(C).

The Bloodborne Pathogens Standard not only requires the employer to have an exposure control plan but also requires that it be updated annually “to reflect changes in tasks, procedures, and positions that affect occupational exposure, and also technological changes that eliminate or reduce occupational exposure.” OSHA, OSHA’s Bloodborne Pathogens Standard, OSHA Fact Sheet.

In order to make these updates to the satisfaction of OSHA, the employer must also document in their plan that they both considered and begun using safer medical devices to minimize occupational exposure and engage with their employees “in identifying, evaluating, and selecting effective engineering and work practice controls.” OSHA, OSHA’s Bloodborne Pathogens Standard, OSHA Fact Sheet,  And we’re just getting started.

Don’t Discriminate

It is imperative under the Bloodborne Pathogen Standard that the precautions used to prevent an exposure incident are universal. 29 C.F.R. 1910.1030 (b). As OSHA explains, this means “treating all human blood and OPIM as if known to be infectious for bloodborne pathogens.” OSHA, OSHA’s Bloodborne Pathogens Standard, OSHA Fact Sheet.

Be Well Stocked With the Right Equipment

The Bloodborne Pathogen Standard requires the examination, maintenance, and routine replacement of “engineering controls.” 29 C.F.R. 1910.1030 (d)(2)(ii). What are engineering controls you ask? They are “controls . . . that isolate or remove the bloodborne pathogens hazard from the workplace” such as sharps disposal cleaners and self-sheathing needles among others. 29 C.F.R. 1910.1030 (b). In other words, take the garbage out on a regular basis. Employers must also provide appropriate personal protective equipment (PPEs) for employees with occupational exposure such as “gloves, gowns, laboratory coats, face shields or masks and eye protection, and mouthpieces, resuscitation bags, pocket masks, or other ventilation devices.” 29 C.F.R. 1910.1030 (d)(3)(i). These PPEs must be provided by the employer at no cost to its employees. Id.

Take Preventative and Remedial Measures

Hepatitis B vaccinations must be made available to all employees with occupational exposure after they have received training and within 10 working days of their initial assignment. 29 C.F.R. 1910.1030 (f)(2)(i). Should there be an exposure incident, you must “make available post-exposure evaluation and follow-up to any occupationally exposed worker who experiences an exposure incident.” OSHA, OSHA’s Bloodborne Pathogens Standard, OSHA Fact Sheet. The procedures the employer must follow after an exposure incident can become complicated with consent and health-related confidentiality issues regarding investigations of the source individual and the employee.

The requirements surrounding warning labels and signs communicating hazards are lengthy enough to warrant their own blog post. The main takeaway from the BPS requirements for labels and signs is this: Anything that comes into contact in any way with blood or OPIM must have a label or sign that warns against the dangers of exposure. As the Code of Federal Regulations states, warning labels must be affixed to “containers of regulated waste, refrigerators and freezers containing blood or other potentially infectious material; and other containers used to store, transport or ship blood or other potentially infectious materials. 29 C.F. R. 1910.1030 (g)(1)(i). There are also specific regulations relating to warning signs for all entry ways in HIV and HBV research laboratories and production facilities. See 29 C.F.R. 1910.1030 (g)(1)(ii).

This post only scratches the surface of OSHA’s Bloodborne Pathogens Standard. If you run a business that exposes its employees to blood and other potentially infectious materials, you must comply with these regulations under federal law. Operating a healthcare facility is no simple task even before considering regulations such as the Bloodborne Pathogens Standard. Protect your business and ensure you are complying with these detailed requirements.

By Matt Kinley,Esq., LLM, CHC

562.715.5557